Method and system for installing an application in a security element

US 10,481,887 B2
Filed: 11/20/2013
Issued: 11/19/2019
Est. Priority Date: 11/22/2012
Status: Active Grant

First Claim

Patent Images

1. A method for installing an application in a security element of a portable end device, the security element comprising its own hardware-based secure runtime environment and a secure memory that are separate from the portable end device, the method comprising the steps of:

receiving an installation job at a first installation device for installing the application on the security element, the installation job being provided to the first installation device from the security element, wherein the security element receives the application from an application server that is separate from the first installation device;

checking at the first the received installation job to determine whether the received installation job can be executed by the first installation device without interaction with a second installation device;

wherein upon determining that the received installation job can be executed by the first installation device, processing the installation job by the first installation device;

wherein the first installation device receives the installation job from the security element or from a second security element different from the security element, andwherein upon determining that the received installation job cannot be executed by the first installation device without interaction with the second installation device, the first installation device interacts with the second installation device by relaying the installation job to the second installation device such that the application is installed on the security element by the second installation device to which the installation job was relayed, or by the first installation device requesting an installation authorization for carrying out the installation job from the second installation device,wherein the security element comprises a determination table which states when the first installation device can execute the installation job, and which states when the first installation device can interact with the second installation device to execute the installation job;

wherein the security element uses the determination table to determine which of the first and second installation devices are to be involved in the execution of the installation job;

wherein the first installation device can access the determination table of the security element in order to determine that the second installation device is suitable for interaction with the first installation device to execute the installation job; and

wherein the first installation device and the second installation device are trusted service manager devices and the second installation device is separate from the first installation device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for installing an application in a security element of a portable end device comprises the following steps: the installation device receives an installation job for installing a pre-specified application on a pre-specified security element. The job is processed by the installation device which receives the installation job from the pre-specified security element itself or from a further security element different from the pre-specified security element.

47 Citations

5 Claims

1. A method for installing an application in a security element of a portable end device, the security element comprising its own hardware-based secure runtime environment and a secure memory that are separate from the portable end device, the method comprising the steps of:
- receiving an installation job at a first installation device for installing the application on the security element, the installation job being provided to the first installation device from the security element, wherein the security element receives the application from an application server that is separate from the first installation device;
  
  checking at the first the received installation job to determine whether the received installation job can be executed by the first installation device without interaction with a second installation device;
  
  wherein upon determining that the received installation job can be executed by the first installation device, processing the installation job by the first installation device;
  
  wherein the first installation device receives the installation job from the security element or from a second security element different from the security element, andwherein upon determining that the received installation job cannot be executed by the first installation device without interaction with the second installation device, the first installation device interacts with the second installation device by relaying the installation job to the second installation device such that the application is installed on the security element by the second installation device to which the installation job was relayed, or by the first installation device requesting an installation authorization for carrying out the installation job from the second installation device,wherein the security element comprises a determination table which states when the first installation device can execute the installation job, and which states when the first installation device can interact with the second installation device to execute the installation job;
  
  wherein the security element uses the determination table to determine which of the first and second installation devices are to be involved in the execution of the installation job;
  
  wherein the first installation device can access the determination table of the security element in order to determine that the second installation device is suitable for interaction with the first installation device to execute the installation job; and
  
  wherein the first installation device and the second installation device are trusted service manager devices and the second installation device is separate from the first installation device.
- View Dependent Claims (2)
- - 2. The method according to claim 1, wherein the first installation device accepts the installation job according to a first Internet-based communication protocol, or that the first installation device accepts the installation job according to a second communication protocol different from the first communication protocol, with the second communication protocol being configured as a chip card communication protocol.

3. An installation device for installing an application on a security element of a portable end device, comprising:
- one or more processors; and
  
  one or more computer-readable media having thereon computer-executable instructions that are structured such that, when executed by the one or more processors, cause the installation device to;
  
  accept an installation job for installing a pre-specified application on a pre-specified security element;
  
  initiate an installation of the pre-specified application on a the pre-specified security element upon checking the installation job to determine whether the installation job can be executed by the installation device without interaction with a second installation device that is different from the installation device, the installation job being provided to the installation device from the pre-specified security element, wherein the pre-specified security element receives the pre-specified application from an application server that is separate from the installation device, andprocess installation job upon determining that the installation job can be executed by the installation device, andinteract with the second installation device, upon determining that the installation job cannot be executed by the installation device without interaction with the second installation device, by replaying the installation job to the second installation device such that the pre-specified application is installed on the pre-specified security element by the second installation device to which the installation job was relayed or by the installation device requesting an installation authorization for carrying out the installation job from the second installation device,wherein the pre-specified element comprises a determine table which states when the installation device can execute the installation job, and which states when the installation device can interact with the second installation device to execute the installation job,wherein the pre-specified security element uses the determination table to determine which of the installation device and the second installation device are to be involved in the execution of the installation job;
  
  wherein the installation device can access the determination table of the pre-specified security element in order to determine that the second installation device is suitable for interaction with the first installation device to execute the installation job; and
  
  wherein the installation device and the second installation device are trusted service manager devices and the second installation device is separate from the installation device.
- View Dependent Claims (4)
- - 4. The installation device according to claim 3, wherein the computer-executable instructions are structured, when executed, to further cause the installation device to:
    - accept installation jobs according to a first Internet-based communication protocol, oraccept installation jobs according to a second communication protocol different from the first communication protocol, with the second communication protocol preferably being configured as a chip card communication protocol.

5. A system for installing an application in a security element of a portable end device, the system comprising:
- a first installation device;
  
  a second installation device;
  
  a portable end device including a security element;
  
  the security element configured to;
  
  receive an application from an application server that is different from the first and second installation devices; and
  
  provide an installation job for installing the application to the first installation device,the security element comprising a determination table which states when the first installation device can execute the installation job, and which states when the first installation device can interact with the second installation device to execute the installation job, wherein the security element uses the determination table to determine which of the first and second installation devices are to be involved in the execution of the installation job;
  
  the first installation device configured to;
  
  receive the installation job from the security element;
  
  check the installation job to determine whether the installation job can be executed by the first installation device without interaction with the second installation device, wherein the first installation device can access the determination table of the security element in order to determine that the second installation device is suitable for interaction with the first installation device to execute the installation job;
  
  upon determining that the received installation job can be executed by the first installation device, process the installation job; and
  
  upon determining that the installation job cannot be executed by the first installation device without interaction with the second installation device, interacting with the second installation device by relaying the installation job to the second installation device;
  
  the second installation device configured to, when the relayed installation job is received from the first installation device;
  
  process the installation job;
  
  orprovide an authorization to the first authorization device for processing the installation job; and
  
  wherein the first installation device and the second installation device are trusted service manager devices and the second installation device is separate from the first installation device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Giesecke + Devrient Mobile Security GmBH (Giesecke & Devrient GmbH)
Original Assignee
Giesecke + Devrient Mobile Security GmBH (Giesecke & Devrient GmbH)
Inventors
Weiss, Dieter
Primary Examiner(s)
Nguyen, Mongbao

Application Number

US14/442,927
Publication Number

US 20150286473A1
Time in Patent Office

2,190 Days
Field of Search
US Class Current
CPC Class Codes

G06F 8/61 Installation

G06Q 20/3552 Downloading or loading of p...

Method and system for installing an application in a security element

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

5 Claims

Specification

Use Cases

Quick Links

Others

Method and system for installing an application in a security element

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

5 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others